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Abstract. Symbolic models are abstract descriptions of continuous systems in which symbols represent 
aggregates of continuous states. In the last few years there has been a growing interest in the use of symbolic 
models as a tool for mitigating complexity in control design. In fact, symbolic models enable the use of well 
known algorithms in the context of supervisory control and algorithmic game theory, for controller synthesis. 
Since the 1990's many researchers faced the problem of identifying classes of dynamical and control systems 
that admit symbolic models. In this paper we make a further progress along this research line by focusing 
on control systems affected by disturbances. Our main contribution is to show that incrementally globally 
asymptotically stable nonlinear control systems with disturbances admit symbolic models. When specializing 
these results to linear systems, we show that these symbolic models can be easily constructed. 



1. Introduction 

In recent years we have witnessed the development of different symbolic techniques aimed at reducing the 
complexity of controller synthesis |EFP06j . These techniques are based on the idea that many states can 
be treated as equivalent, when synthesizing controllers, and can thus be replaced by a symbol. The models 
resulting from replacing equivalent states by symbols, termed symbolic models, are typically simpler than the 
original ones, in the sense that they have a lower number of states. In many cases, one can even construct 
symbolic models with a finite number of states which is especially useful since controller design problems can 
then be solved on the symbolic models by resorting to well established results in supervisory control |RW87j 
and algorithmic game theory jZie98[ IAVW03j . 

The search for classes of systems admitting symbolic models goes back to the 1990 's and was motivated by 
problems of verification of dynamical and hybrid systems. Alur and Dill showed in |AD94] that timed automata 
admit symbolic models; this result was then generalized in [ACHII93J INOSY93] to multirate automata and 
in jIIKPV98l IPV94j to rectangular automata. More complex continuous dynamics, but simpler discrete 
dynamics, were considered in |AHLPOO] . where it was shown that o-minimal hybrid systems also admit 
symbolic models. Symbolic models for control systems were only considered later and early results were 
reported in jKASLOOi IMRO021 IFJL02[ ICW98] . More precise results appeared recently in ^TP06l ITabOTbj 
where it was shown that discrete-time controllable linear systems admit symbolic models. Most of these 
results are based on appropriately adapting the notion of bisimulation introduced by Milner [Mil89 and Park 
[Par81| to the context of continuous and hybrid systems. A different approach emerged recently through 
the work of |YWOO[ IHMP05[ IGP07| ITab07a| , where an approximate version of bisimulation was considered. 
While (exact) bisimulation requires that observations of the states are identical, the notion of approximate 
bisimulation relaxes this condition, by allowing observations to be close and within a desired precision. This 
more flexible notion of bisimulation allows the identification of more classes of systems, admitting symbolic 
models. Indeed, the work in [Tab06 showed that for every asymptotically stabilizable linear control system it 
is possible to construct a symbolic model, which is based on an approximate notion of simulation (one-sided 
version of approximate bisimulation). Extensions of the results in |Tab06] . from approximate simulation to 
approximate bisimulation can be found in 'Gir07l |PGT07| . In particular jPGT07| showed that, for the class 
of (incrementally globally) asymptotically stable nonlinear control systems, symbolic models exist which are 
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approximate bisimulation equivalent to control systems, with a precision that can be chosen a priori, as a 
design parameter. 

Systems considered in the above described literature were either purely dynamical (e.g. [AHLPOO] and the 
references therein) or control systems (e.g. [TP06I lTab06l ITab07bl IGirWl IPGT07] ) not affected by exogenous 
disturbances. However, in many realistic situations, physical processes are characterized by a certain degree 
of uncertainty which is often modeled by additional exogenous disturbance inputs. 

The main contribution of this paper is to show that incrementally globally asymptotically stable control systems 
affected by exogenous inputs do admit symbolic models. 

The presence of disturbances requires us to replace the notion of approximate bisimulation used in |GP07I 
IPG T07' with the notion of alternating approximate bisimulation, inspired by Alur and coworkers' alternating 
bisimulation [AHKV98] . To the best of the authors knowledge, alternating approximate bisimulation was 
never used before in the context of control systems. This novel notion of bisimulation is a critical ingredient 
of our results since, as illustrated in Section [3.2| through a simple example, approximate bisimulation fails to 
distinguish between the different role played by control inputs and disturbance inputs. Consequently, control 
strategies synthesized on symbolic models based on notions of bisimulation and approximate bisimulation 
cannot be transfered to the original models in a way which is robust with respect to disturbance inputs. Al- 
ternating approximate bisimulation solves this problem by guaranteeing that control strategies synthesized on 
symbolic models, based on alternating approximate bisimulations, can be readily transferred to the original 
model, independently of the particular evolution of the disturbance inputs. In addition to show existence of 
symbolic models for a fairly general class of nonlinear control systems we also show that for linear control 
systems, symbolic models can be easily constructed by leveraging existing results on approximation of reach- 
able sets (see e.g. |Var98[ IGir05b[ IKVOO|, IHST05| and the references therein). Since control systems with 
disturbances can be thought of as arenas for differential games |Isa99j . our results also provide an alterna- 
tive approach to the study of differential games by means of tools developed in computer science (see e.g. 
[Zii98lEVW03] ). 

Similar ideas to the ones of this paper have been recently explored in [PT07j for the class of linear control 
systems with disturbances. A detailed discussion on relationships between results of the present paper and 
the ones in [PT07], can be found in the last section of this paper. A comparison with the work in |vdS04] . 
where systems with disturbances are also considered, appears in the last section of this paper. 
This paper is organized as follows. Section [2] introduces the class of control systems that we consider and 
some stability notions that will be used in the subsequent developments. Section [3] introduces the notion of 
alternating transition systems that we use as an abstract representation of control systems and the notion 
of alternating approximate bisimulation upon which our results rely. Section |4] is devoted to show existence 
of symbolic models for incrementally globally asymptotically stable nonlinear control systems. In Section [5] 
we specialize the results of Section |4] to the class of linear control systems and illustrate them in Section |6] 
Finally, some concluding remarks are offered in Section [Tj 

2. Control systems and stability notions 

2.1. Notation. The symbols Z, N, E, IR+ and Rq denote the set of integers, positive integers, reals, positive 
and nonnegative reals, respectively. The identity map on a set A is denoted by 1a- Given two sets A and 
B, if A is a subset of B we denote by ia '■ A ^ B or simply by z the natural inclusion map taking any 
a G A to t{a) = a E B. Given a function f : A ^ B the symbol f{A) denotes the image of A through /, 
i.e. f{A) -.^ {b e B : 3a e A s.t. b = f{a)}; if C C A, f\c : C B denotes the restriction of / to C, so 
that /|c(c) = /(c) for any c £ C. We identify a relation R C A x B with the map i? : A — > 2^ defined by 
b £ R{a) if and only if (a, b) E R. Given a relation R C A x B, R~^ denotes the inverse relation of R, i.e. 
R~^ := {(6, a) E B X A : {a,b) & R}. Given a vector a; G M" we denote by x' the transpose of x and by Xi the 
i-th element of a;; furthermore ||a;|| denotes the infinity norm of a:; we recall that ||a;|| := max{|a;i|, \x2\, \xn\}, 
where \xi\ is the absolute value of Xi. Given a matrix M, the symbol ||M|| denote the infinity norm of M; if 
M G M"^™, we recall that ||M|1 :— maxi<i<„j J2]=iWij\- The symbol conv{x^,x^, ...,x™) denotes the convex 
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hull of vectors e M". A bounded set of the form conv{x^,x'^, ...,x"^) is called a polytope. Given 

a set A C M", the symbol A denotes the topological closure of A. The symbol B^{x) denotes the closed ball 
centered at a; e M" with radius e G K([, i.e. Be{x) = {y e M" : \\x - y\\ < e}. For any A C M" and /x e R 
define [A]^ -.= {a G A \ Ui = ki^, ki G Z i = 1, ...,n}. By geometrical considerations on the infinity norm, for 
any ^ £ R"*" and A > /i/2 the collection of sets {I3\{q)}q^^nj^ is a covering of M", i.e. M" C Uqep"]^,'^^^^)' 
conversely for any A < /i/2, M" ^ Ug6[R"] ^>^{l)- Given a measurable function / : M.^ M, the (essential) 
supremum of / is denoted by |l/|loo; we recall that ||/||oo := {ess)sup{\\f{t)\\, t > 0}; f is essentially bounded 
if II /Hoc < oc'- For a given time t S define fr so that /r(i) = f{t), for any i e [0,t), and /(t) = 
elsewhere; / is said to be locally essentially bounded if for any r e M"'", /r is essentially bounded. A function 
/ : R" — > R is said to be radially unbounded if f{x) — » oo, as — » oo. A continuous function 7 : Kq — s- Rq , 
is said to belong to class K. if it is strictly increasing and 7(0) = 0; 7 is said to belong to class /Coo if 7 € /C and 
7(r) ^ 00, as r ^ 00. A continuous function /3 : Rq x Rg — » Rq is said to belong to class fCL if for eax3h fixed 
s, the map (3{r, s) belongs to class /Coo with respect to r and, for each fixed r, the map /3(r, s) is decreasing 
with respect to s and f3{r,s) ^ 0, as s — > 00. Given a metric space (X, d), we denote by dh the Hausdorff 
pseudo-metric induced by d on 2"^; we recall that for any Xi,X2 C X: 

dh{Xi,X2) := ma^{dh{X,,X2),dh{X2,X,)}, 

where: 

dh{Xi,X2) = sup inf d(a;i,a;2), 

is the directed Hausdorff pseudo-metric. We recall that the Hausdorff pseudo-metric dh satisfies the following 

properties for any Xi,X2,X3 C X: (i) Xi = X2 implies dh{Xi,X2) = 0; (ii) dh{Xi,X2) = dh{X2,Xi); (iii) 
dh{Xi,X3) < dh{Xi,X2)+dhiX2,Xs). 

2.2. Control Systems. The class of systems that we consider in this paper is formalized in the following 
definition. 

Definition 2.1. A control system is a quadruple: 

where: 

• R" is the state space; 

• W = U X V is the input space, where: 

— U C R™ is the control input space; 

— y C R^ is the disturbance input space; 

• W = i/xVisa subset of the set of all measurable and locally essentially bounded functions of time 
from intervals of the form ]a., b[C R to W with a < and 6 > 0; 

• / : R" xW ^ R" is a continuous map satisfying the following Lipschitz assumption: for every compact 
set ii' c R", there exists a constant L > such that 

\\f{x,w) - f{y,w)\\ <i||a;-y||, 

for all x,y G K and all w e W. 

An absolutely continuous curve x :]a, 6[— > R" is said to be a trajectory of S if there exists w e W satisfying: 

x(i) = /(x(i),w(i)), 

for almost all t G ]a, b[. 

Although we have defined trajectories over open domains, we shall refer to trajectories x :[0,r] R" defined 
on closed domains [0,t], t G R"*" with the understanding of the existence of a trajectory z :]a, R" such 
that X = z|[o We will also write x(r, .i;,w) to denote the point reached at time r E]a. b[ under the input w 
from initial condition x; this point is uniquely determined, since the assumptions on / ensure existence and 
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uniqueness of trajectories. 

In some of the subsequent developments we assume that control systems are forward complete. We recall that 
a control system E is forward complete if every trajectory is defined on an interval of the form ]a, cx)[. The 
following result completely characterizes forward completeness. 

Theorem 2.2. |AS99j Consider a control system E = {W\W,WJ) and suppose that W is compact. Then 
S is forward complete if and only if there exists a radially unbounded smooth function V : M" — )■ Rq such that 
for any x G M" and for any w the following exponential growth condition is verified: 

dV 

— f{x,w)<Y{x). 

Simpler, but only sufficient, conditions for forward completeness are also available in the literature. These 
include linear growth or compact support of the vector field (see e.g. [LM67J). Whenever we need to distinguish 
between a control input value u and a disturbance input value v in (u, v) (z W we slightly abuse notation by 
writing /(x, u, v) instead of f{x, (it, v)). Analogously, whenever we need to distinguish between u and v in an 
input signal (u,v) g W, we write x(t, a;,u,v) instead of x(r, a;, (u,v)). 



2.3. Stability notions. The results presented in this paper will assume certain stability assumptions on the 
control systems. We briefly recall those notions and results that will be used in this paper. 

Definition 2.3. |Ang02| A control system S is said to be incrementally globally asymptotically stable (5-GAS) 
if it is forward complete and there exist a /C£ function (3 such that for any t £ Rq , any xi,X2 G R" and any 
input signal w e W the following condition is satisfied: 

(2.1) ||x(i,a:i,w) -x(t,a:2,w)|| < l3{\\xi - X2\\ ,t). 

The above definition can be thought of as an incremental version of the classical notion of global asymptotic 
stability (GAS) [Kha96;. Furthermore when / satisfies /(0,0) = 0, S-GAS imphes GAS of E with W = {0}, 
by just comparing a trajectory of E with any initial condition x e M" and identically null input w(i) = , 
t e Rq , with the null trajectory x(t) = 0, t G Rq . In general, it is difficult to check directly inequality (2.1 1. 
However, J-GAS can be characterized by dissipation inequalities. 

Definition 2.4. |Ang02| Given a control system E, a smooth function: 

V : M" X M" ^ M+, 

is called a J-GAS Lyapunov function for E, if there exist ICoo functions ai, a2 and p such that: 

(i) for any {xi,X2) G M" x M" 

ai(||a;i - a;2||) < V(a;i,a;2) < a2(||a;i - X2II); 

(ii) for any xi,X2 G and any w £ W 

dV dV 

— f{xi,w) + —f{x2,w) < -p{\\xi - X2\\)- 

The following result completely characterizes 5-GAS of a control system in terms of existence of Lyapunov 
functions. 

Theorem 2.5. |Ang02| Consider a forward complete control system E = (R", W, W, /) and suppose that W 
is a compact subset o/R"* x M*. Then E is S-CAS if and only if it admits a S-CAS Lyapunov function. 
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3. Symbolic models and approximate equivalence notions 



3.1. Alternating transition systems. In this paper we will use the class of alternating transition systems 
as abstract models of control systems. 

Definition 3.1. An (alternating) transition system is a tuple: 

T={Q,L, ► ,0,H), 

consisting of: 



• A set of states Q; 

• A set of labels L = A x B, where: 

— A is the set of control labels; 

— B is the set of disturbance labels; 

• A transition relation >- C Q x L x Q; 

• An output set O; 

• An output function H . Q ^ O. 



A transition system T is said to be: 

• metric, if the output set O is equipped with a metric d : O x O ^ M.\ 

• countable, if Q and L are countable sets; 

• finite, if Q and L are finite sets. 



We will follow standard practice and denote by q °'^ > p, a transition from q to p labeled by a, b. Transition 

systems capture dynamics through the transition relation. For any states q,p ^ Q, q ► p simply means 
that it is possible to evolve or jump from state q to state p under the action labeled by a and b. A transition 
system can be represented as a graph where circles represent states and arrows represent transitions (see e.g. 
Figure [T|). A transition system as in Definition 3.1 can be thought of as an arena for a 2-players game, where 



the protagonist acts by choosing control labels and the antagonist acts by choosing disturbance labels. We 
will use transition systems as an abstract representation of control systems. There are several different ways 
in which we can transform control systems into transition systems. We now describe one of these which has 
the property of capturing all the information contained in a control system S. Given E = (M", U xV,UxV,f) 
define the transition system: 

T(E) := (g,L, ^ ,0,H), 

where: 

• Q = M"; 

• L = Ax B where A^U and B = V; 

• q «- p if a trajectory x : [0, r] M" of E exists so that x(t, q, u, v) = p for some t G M+; 

• = M"; 



In the subsequent developments we will work with a sub-transition system of r(S) obtained by selecting those 
transitions from r(S) describing trajectories of duration r for some chosen t e M+. This can be seen as a 
time discretization or sampling process. 
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Definition 3.2. Given a control system E = {W\U x V,U x V,/) and a parameter r e M+ define the 
transition system: 

where: 

• Qr = K"; 

• Lr — At X Bt where: 

Ar — {u E U \ the domain of u is [0, r]}, 
= {v G V I the domain of v is [0, r]}; 

• q -— ► p if a trajectory x : [0, r] M" of E exists so that x(t, q, u, v) = p; 

• Or = M"; 

• Ht — 1r'. . 



Note that TV(S) is a metric transition system when we regard Or = M" as being equipped with the metric 

d(p,g) = b- ^ll- 

3.2. Alternating and approximate bisimulations. In this section we introduce a notion of approximate 
equivalence upon which all the results in this paper rely. The notion that we consider, is the one of bisimu- 
lation equivalence jMil89l IPar81| . Bisimulation relations are standard mechanisms to relate the properties of 
transition systems pGP99j . Intuitively, a bisimulation relation between a pair of transition systems Ti and 
T2 is a relation between the corresponding sets of states explaining how a sequence of transitions ri of Ti can 
be transformed into a sequence of transitions r2 of T2 and vice versa. While typical bisimulation relations 
require that ri and r2 are observationally indistinguishable, that is Hiiri) = Hiir^), we shall relax this by 
requiring H\(r\) to simply be close to a^ij-i)-, where closeness is measured with respect to the metric on the 
output set. The following definition has been introduced in |GP07] and in a slightly different formulation in 
ITabOTaj . 

Definition 3.3. Given two transition systems T\ = — ,0,Hi) and T2 = {Q2,L2, — ^ ,0,i?2) 

with the same output set and metric d, and given a precision e G M.q , a relation 

i?C Qi X Q2, 

is said to be an e-approximate bisimulation relation between Ti and T2, if for any {qi,q2) G R- 

(i) d(i/i(gi),i/2fe)) <e; 

(ii) qi — ^ pi implies existence of q2 — ^ P2 such that {pi,P2) G R', 

(iii) q2 ► P2 implies existence of qi — j-^ Pi such that {pi,P2) G ^• 

Moreover Ti is e-approximately bisimilar to T2 if there exists an e-approximate bisimulation relation R 
between Ti and T2 such that R{Qi) — Q2 and R^^{Q2) — Qi- 



Note that when e = 0, the notion of e-approximate bisimulation relation is substantially equivalent to the 
classical notion of Milner |Mil89j and Park |Par81| . The work in |PGT07] showed existence of symbolic models 
that are approximately bisimilar to 5-GAS control systems (with no disturbance). However, the notion in 



Definition 3.3 employed in [PGT07] . does not capture the different role of control and disturbance inputs in 
control systems. The following example shows that approximate bisimulation (in the sense of Definition 3.3 1 
cannot be used for control design of systems affected by disturbances. 
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Example 3.4. Consider the following control system: 

(3.1) Y.^ {R,U xV,U xVJ), 

where [/ = [1,2] C M, V — [0.4, 1] C M, x V is the class of all measurable and locally essentially bounded 
functions taking values in U xV, and f: RxUxV^M.is defined by f{x, u, v) — —2x + uv. We work in the 
compact state spacc[^X — [0,2]. Consider the transition system: 

(3.2) T={Q,L, -,0,i/), 

where: 

• Q = {91,92,93}; 

• {li,l2,h}; 

• q — '-^ p is depicted in Figure [l] 

• = M; 

• iJ : O ^ M is defined by H{qi) = 0, ^(92) = 1, and H{q:i) = 2. 

Given the desired precision e = 0.6 and r = 1, by using the results in jPGT07| . it is possible to show that the 
relation R C Qt x Q defined by: 

(3.3) i? = i?i X {gi}Ui?2 X {(72}Ui?3 X {93}, 

where Ri = [0,0.6], R2 = [0.4,1.6] and R^ = [1.4,2], is a 0.6-approximate bisimulation relation between 
TtC^) and T. Furthermore, since R{Qt) = Q and R^^{Q) = Qr transition systems Tt-(S) and T are 0.6- 
approximately bisimilaij^ Suppose now that the goal is to find a control strategy on T such that, starting from 

state 9i it is possible to reach the set {92, 93} in one step. By Figurejl] 91 — ^ 92 and 91 — ^ 93 and hence both 
labels I2 and ^3 solve that problem. Since (0, 91) € i?, the notion of approximate bisimulation (see condition (iii) 
of Definition 3.3) guarantees that starting from G i?i there exists a pair of labels (02,62), (osjt's) E Ar x Br 
so that: 

(3.4) ^ X2 e i?2, ^ X3 e i?3, 

in transition system TrC^). Indeed, by choosing constant curves {a2{t), b2{t)) = (1, 1) and {as{t), 63(i)) = (2, 1), 
t £ [0,1] we have: 

^ 0.865 e i?2, ^ 1.73 e i?3. 

r r 

However, if the constant disturbance label b{t) = 0.4, < G [0, 1] occurs instead of 62 = 63, we obtain: 

(3.5) 0.346 e 0.692 e i?2, 



thus showing that the control strategy in (3.4) does not produce the desired result on the transition system 
TrC^). Although T is not adequate to solve this problem, a solution does exist. Since 0.692 e R2 

and the set X is invariant for S, it is easy to see that for any b e Br, °^''' > x with x > 0.692 and hence 

X e i?2 U -R3. Therefore, control label guarantees that state € i?i reaches i?2 U i?3, robustly with respect 
to the disturbance labels action, whereas control label 02 does not. We stress that this different feature of 
control labels 02 and 03 is not captured by the notion of approximate bisimulation in Definition |3.3[ 



The set X is invariant for the control system S, i.e. x(t,x,u, v) £ X, for any x £ X, any (u,v) S W X V, and any time 
t £ RJ. Indeed it is easy to see that for any state x in the boundary of X and for any input (u, v) G U X V, f points in X, i.e. 

f{x,u,v)GX. 

^Transition system T coincides with transition system Tr,n,ti(^) as defined in (4.4) of |PGT07| . with t = 1, r; = 1 and fi = 0.01. 
Theorem 4.2 of IPGT07I guarantees that T is 0.6-approximately bisimilar to transition system Tr{S) with t = 1. Notice that 
condition (4.5) of IPGT07I boils down, in this case, to e~^'^e + fJ, + ri/2 < e, which is indeed satisfied. 
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Figure 1. Transition system T defined in (3.2 1 associated with control system S defined in (3.1 1 



The above example motivates us to propose the following definition that combines the notions of [GP07] and 
|Tab07aj . with the notion of alternating bisimulation, introduced by Alur and coworkers in |AHKV98] . 

Definition 3.5. Given two transition system Ti = {Qi,Ai x Bi, — ^ ,0,Hi) and T2 = (Q2,^2 x 



B2, — ^-^ ,0,112) with the same observation set and the same metric d and given a precision e £ , a 
relation 



i?C Qi X Q2, 

is said to be an alternating e-approximate (As A) bisimulation relation between Ti and T2 if for any (qi, (72) £ R- 

(i) d{Hi{qi),H2{q2))<e; 

(ii) Vai e Ai 3a2 G A2 V62 G B2 3&i e Bi such that: 

(3.6) qi pi, q2 P2, 

with (pi,P2) e R; 

(iii) Va2 G A2 3ai G ^1 V61 G Bi 3b2 G B2 such that: 

(3.7) qi pi, q2 P2, 
with (pi,P2) G R. 

Moreover, Ti is said to be AeA bisimilar to T2 if there exists an AeA bisimulation relation R between Ti and 
T2 such that i?(Qi) = Q2 and R-^{Q2) = Qi- 



It is easy to see that Definition |3.3| can be recovered as a special case of Definition |3.5[ when the cardinality 
of each of the sets Bi and B2 in transition systems Ti and T2 is one. Moreover when e = 0, the notion of 
bisimulation in Definition 3.5 coincides with the 2-players version of the definition proposed in |AHKV98] . 
Definition |3.5| captures the different role played by control and disturbance labels in the transition systems 



involved, whereas Definition 3.3 does not. In fact, by |AIIKV98j it is possible to show that AeA bisimulation 
relations preserve control strategies (see Lemma 1 in ^IIKV98 ) and hence prevent phenomena illustrated in 
Example 3.4 Indeed, conditions (ii) and (iii) of Definition 3.5 require that the choice of control labels is made 
"robustly" with respect to the action of disturbance labels. For example, given any control label ai in Ti, 
condition (ii) requires existence of a control label 02 in T2 so that, for any possible action of the disturbance 



labels 61 in Ti and &2 in T2 respectively, the corresponding transitions qi 



ai,6i 



pi and q2 



a,2 ,62 



P2 match the 



relation R, i.e. (pi,P2) G R. 

A dual notion of AeA bisimulation relation can be given when we reverse the role of control and disturbance 
labels in conditions (ii) and (iii), as follows: 



(ii') V61 G Bi 3b2 G B2 Va2 G A2 3ai G Ai such that (3^1 holds, with {pi,p2) G R; 
(iii') V62 G B2 3bi G Bi Vai G Ai 3a2 G A2 such that (3.7 1 holds, with {pi,p2) G R. 
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For later use, whenever we want to distinguish between the two notions of AeA bisiniulation relation, we 
refer to the notion of Definition 3.5 as {Ai, A2)-AeA bisimulation relation and to the notion of Definition 



3.5, where conditions (ii) and (iii) are replaced by conditions (ii') and (iii'), by {Bi, B2)-AsA bisimulation 



relation. Furthermore, a bisimulation relation R that satisfies conditions (i), (ii), (iii), (ii') and (iii') is called 
a {Ai, A2)-{Bi, B2)-AeA bisimulation relation. Consequently, if R{Qi) — Q2 and R^^{Q2) = Qi, transition 
systems Ti and T2 are said to be {Ai, A2)-{Bi, B2)-AeA bisimilar. 



4. Existence of symbolic models 
In this section we present the main result of this paper: 

Theorem 4.1. Consider a control system E = (M", U x V,U x V, f). IfHis 5-GAS and U x V is compact, 
then for any desired precision e G there exist t G M+ and a countable transition system T that is AeA 
bisimilar to Tt-(E). 



The above result is important because it shows existence of symbolic models for nonlinear control systems 
in presence of disturbances, and therefore it provides a first step toward the construction of symbolic models 
with guaranteed approximation properties. In fact, in the next section we show how to construct countable 
transition systems that are AsA bisimilar to linear control systems. 

Theorem |4.1| relies upon the 5-GAS assumption on the control system considered. This condition is not far 
from also being necessary. The following counterexample shows that unstable control systems do not admit, 
in general, countable symbolic models. 

Example 4.2. Consider a control system Y. — {R,U x V,U x V,f), where U xV = {0} x {0}, U x V = 
{0} X {0}, is the identically null input and f{x) = x. The input space U xV \s compact; furthermore E 
is unstable and hence not 5-GAS. Hence, E satisfies all the conditions required in Theorem |4.1| except for 



i5-GAS. We now show that there exists an e G M+ such that for any r G M"*" and any countable transition 
system T, transition systems TV(E) and T are not AeA bisimilar. Since U xV — {0} x {0}, the notions of 
bisimulation in Definition |3.3| and in Definition |3.5| coincide, and therefore in the following we will work, for 

Pick any e G 



simplicity, with the one in Definition 3.3 
system: 



any r G 



and any countable metric transition 



T - 



iQ,L, . ,R,H), 

\\p — q\\ of TV(S). Consider any relation RC 



with H : Q ^ R and the same metric d{p, q) 
conditions (i), (ii) and (iii) of Definition 3.1 

that such relation R does not exist. By countability of T, there exist qo (z Q and xq 



and such that R{Qt) 



Xo 7^ 2/0, and (xq, (?o), (2/0, ^o) e R- Set Xk = e'^'^xo, 
A G such that ||a::o — yo|| > A, we have: 



Q and R-^{Q) = Qr- 
2/0 e Qt 



X Q satisfying 
We now show 
~ K such that 



j/fc — j/o, for any fc G N. Since xq ^ yo, by selecting 



(4.1) 



\\xk - VkW = e^'^lko - 2/0II > e^''A,Vfc G N. 



3.3 



'"'^ A — e > e. By conditions (ii) and (iii) in Definition 
R~^{Q) — Qt, there must exist qk' G Q so that, {xk',qk'),{yk',qk') G R- Since {xk 



and since R{Qt) — Q and 
,%') e R, 



(4.2) 



\\xk' - H{qk')\\ <e. 



By combining inequalities (4.11 and (4.2 1 and by definition of fc', we obtain 
(4.3) 



\Hiqk')-yk'\\ > \\xk' -2/fc'll - \\xk' - H{qk')\\ > ej''' X - e > e 



Inequality (4.3 1 shows that the pair {yk',qk') & R does not satisfy condition (i) of Definition 



we conclude that a relation R C x Q satisfying conditions (i), (ii) and (iii) of Definition 3.3 
R{Qt) = Q and R~^{Q) = Qt does not exist. Thus transition systems T't-(E) and T are not AeA bisimilar. 



3.3 and hence 
and such that 
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The last part of this section will be devoted to the proof of Theorem |4.1| which is based on three steps: 

(1) we first associate a suitable transition system Tt-,,,,^(S) to a control system S = (M, U x V,U x V , f) 
(Definition |4.4| on page 13); 

(2) we then prove, under a compactness assumption on UxV , that transition system TV is countable 
(Corollary 4.6 on page 14); 

(3) we finally prove, under the (5-GAS assumption on E, that T7.,,,,^(S) is AeA bisimilar to T,-(S) (Theorem 
[4j]on page 14). 



STEP 1. Given a control system E, any t e M+, rj e M+ and /i e M+ we will define the transition system: 
(4.4) Tr,r,A^):^{Q,L, ^,0,H). 

Parameters t e M+,ry G and /i G in transition system T^^^^^(E) can be thought of, respectively, as a 
sampling time, a state space and an input space quantization. In order to define T^.^ ^(I]) we will extract a 
countable set of states Q from Qt- and a countable set of labels L from L,-, in such a way, that the resulting 
'7r,r),/j(S) is countable and AeA bisimilar to r^(S). 

From now on, we denote by d/j the Hausdorff pseudo-metric induced by the metric d of the observation 
space O-r of Tr(T.). Furthermore, since the output function Hr of 7V(S) is the identity function, we write 
d{x,y) = \\x-y\\, instead of d{x,y) = \\Hr{x) - Hr{y)\\. 

We start by showing that any subset of M" can be arbitrarily well approximated by a subset of the lattice 
[M"]^, where r/ is the precision that we require on the approximation. 

Lemma 4.3. For any set X C M" and any precision rj G M+ there exists P C [M"],, such that dh{P, X) < ri/2. 

Proof. By geometrical considerations on the infinity norm, X C ljpg[jj„] S^/2(p) said therefore for any x d X 
there exists p £ [IR"]r; such that d{x,p) = \\x—p\\ < r]/2. Denote hy d : X ^ ^ function that associates to 

any x £ X a, vector p £ [K"]), so that d(a;,p) — \\x — p\\ < 77/2 and set P — "diX). Notice that by construction, 
for any p £ P there exists x £ X such that d{x,p) — \\x — p\\ < ri/2 (choose x such that p = 'd{x)). Then by 
definition of d/j, the statement holds. □ 



By the above result, for any given precision rj £ E+ we can approximate the state space Qr — M" of T,-(E) by 
means of the countable set Q := [M"],,. This choice for Q guarantees that for any x £ Qt there exists q £ Q 
so that — q\\ < rj/2. 

The approximation of the set of labels of T'r(S) is more involved and it requires the notion of reachable set. 
We recall that given a forward complete control system S = (M", U x V,U x V, f), any r £ IR+ and x £ M", 
the reachable set of T^(S) with initial condition x £ Qr is the set TZ(t,x) of endpoints x(r, a::,a, b) for any 
a £ Ar and be Br, or equivalently: 

(4.5) 7^(T,x) := ^y £Qr:x y, a £ Ar, h £ B^j . 

Moreover, the reachable set of TV(S) with initial condition x £ Qr and control label a £ Ar is the set TZ{t, x, a) 
of endpoints x(t, a;,a, b) for any b £ Br, i.e. 

(4.6) n{T,x,a):={y£Qr:x^y,h£Br}. 

The reachable sets in (4.5 1 and ( |4.6[ ) are well-defined because the control system E associated with Tt-(S) is 
assumed to be forward complete. 

Given any desired precision fi £ M+, we approximate Lr by means of the set L := Ax B, where: 
(4-7) A := U,eQ^"(9), B := U,eQUaeA.(,)S"('7, a), 

and A^^{q) captures the set of control labels that can be applied at the state q £ Q, while B'^{q, a) captures the 
set of disturbance labels that can be applied at the state q £ Q when the chosen control label is a S A^^{q). The 
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definition of sets A and _B in (4.7 1 is asymmetric. This asymmetry follows from the notion of AeA bisimulation 



relation that we use, where control labels must be chosen "robustly" with respect to the action of disturbance 
labels (see conditions (ii) and (iii) in Definition 3.5 1. Given any r G M"*", define the following sets: 



(4.8) A^(r,g) :-{Pe2[«' 

B^(T,g,a) := {pe [E 



3a e Ar s.t. d,,(P, 7^(r, q, a)) < ^l/2}, 

\3heBr s.t. d(p,x(T,g,a,b)) = ||p - x(t, g, a, b)|| < fi/2}. 



Notice that for any P £ A^(t, g) there exists a (possibly infinite) set of control labels a £ Ar so that 
dh{P,TZ{T,q,a)) < ii/2. Analogously, for any p e Bp(T, (7,a) there exists a (possibly infinite) set of dis- 
turbance labels b G i?T- so that d(p, x(t, a, b)) = \\p — x(T,(7,a,b)|| < /i/2. In order to define the sets 
A^^{q) and B'^{q,a) in (4.7) we consider for any P £ Ap(T, g) only one control label a £ At and respectively 



for any p £ B^(r, (7,a) only one disturbance label h £ Br, as "representatives" of all control labels and all 
disturbance labels associated with the set P and the vector p, respectively. The sets A^{q) and i?''(g,a) will 
be defined as the collections of these representative control and disturbance labels, respectively. The choice of 
representatives is defined by the functions: 



(4.9) 
where: 



At, 



^J^'^^'':B^{T,q,a)~^BT, 



associates to any P £ A^(t, q) one control labej^a = i^Jf'{P) G At so that d/i(P, TZ{t, q, a)) < /i/2 



ip'^""" associates to any p £ Bp(T, q, a) one disturbance labe 



#b=' 



||p-x(r,g,a,b)|| < /i/2. 



^]j!'''^{p)^ Bt such that d{p, x(t, q, a, b)) 



By the above definition, functions ■0^''' and (fj^''^'^ are not unique. The sets A'^{q) and B^{q,a), appearing in 
(4.7), can now be defined by: 



(4.10) 



A^iq) 



B^{q,a) := ^^^'i--{B^{T,q,a)). 



Since the control system E is assumed to be forward complete, the reachable sets TZ{t, q, a), appearing in (4.8 1 
are nonempty; hence sets Af^{T,q) and B^(t, <;,a) in (4.8) are nonempty and therefore sets Af^lq) and B'^{q,a) 



in (4.10) are nonempty, as well. Furthermore, provided that sets kf^{T,q) and B^(t, g,a) in (4.8) are countable 



sets A'^(g) and B'^{q,a) in (4.10) are countable, as well. This would guarantee countability of sets of labels A 



and B in (4.7 1 and consequently, countability of the symbolic model in (4.4). (Note that the set Q = [M"],, in 



(4.4) is countable.) In the next step we will state conditions on control systems that guarantee countability 



of the sets A^(t, q) and B^(t, q, a). 

We now have all the ingredients to define transition system (4.4) 



Definition 4.4. Given a control system E 
the transition system: 



(4.11) 
where: 



R,U X V,U X V, /), any r G M+, G M+ and /Lt G M+ define 
T,,„,^(S) :-(Q,i, ,0,H), 



• L — A X B, where: 



and the sets A''(g) and B^{q,a) are defined in ( 4.10[ ); 
• q p, if a G A^^{q), b G B^'{q,a) and ||p - x(t, g, a, b) |1 < 7y/2; 



• = M"; 

• H ^ l:Q 



O. 



'These control and disturbance labels exist by the definition of the sets ^^^{t, q) and B^(t, q, a). 
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Transition system r^ ,j p(E) is metric when we regard O — M" as being equipped with the metric d(p, g) = 
— H{q)\\ = \\p — q\\; furthermore note that the metric employed for Tt-_^_^(S) is the same one used in 

transition system Tt-(E). In the definition of the transition relation >■ we require x(t, g, a, b) to be in the 

closed ball Br,/2{p)- We can instead, require x(r, g,a, b) to be in B\{p) for any A > r]/2. However, we chose 
A = ry/2 because ri/2 is the smallest value of A G that ensures M" C [Jq^[s^n]B\{q). In fact, this choice of 
A reduces the number of transitions in the definition of the symbolic model in (4.11 1. 



STEP 2. Transition system T^_^_p(E) is not countable, in general, because the set Ap(T, g) of (4.8 1 (which is 
involved in the definition of sets of labels A and B) is not scj^ However, if the reachable sets in (4.5 1 associated 
to S are bounded, we can guarantee countability of T^^^^^(S). 

Proposition 4.5. Consider a forward complete control system S = (M", U x V, U x V , f) and any r e M^. 
Suppose that for any x G M" the reachable sej^ 7?-(t, x) is hounded. Then, for any rj € M"*" and fi G M"*" the 
corresponding transition system T^_^_^(I]) is countable. 



Proof. Since for any rj E the set of states Q of T,-,,,,^(S) is countable, we only need to show that A and B 
are countable. Given any precision /_* G M+, for any q (z Q consider the set: 

P{q) := {p e [M"]^ : 3z G 7^(T, q) s.t. \\p - z\\ < fi/2}. 

The set TZ{T,q) is bounded and therefore the set P{q) is finite. Since for any qE Q, k^{T,q) C 2^^''^ k^{T^q) 
is finite and therefore A'-'-{q) = ipJ^''^{kfj_{T,q)) is finite, as well. Moreover since A is the union of finite sets 
A^{q) with q ranging in the countable set Q = [M"]r;, the set A is countable (see e.g. |Sto63] ). With respect 
to the set B, since for any state q E Q and any a e A'^{q), B^(t, (7,a) C [M"]^, the set B^(r, a) is countable 
and then B^{q,a) = </3j^'''''*(B^(r, g, a)) is countable, as well. Finally, since B is the union of countable sets 
B'^{q,a) with q ranging in the countable set Q — [M"],, and a ranging in the finite set A^{q), the set B is 
countable (see e.g. |Sto63p . □ 



A direct consequence of the above result is that if the state space of E is bounded, which is the case in many 
realistic situations, the proposed transition system T7.,,,,^(S) is finite. The following result gives a checkable 
condition that guarantees countability of rT-^^^^(E). 

Corollary 4.6. Consider a forward complete control system E = (M", t7 x V, U xV,f) and suppose that 
U X V is compact. Then, for any r G M+, rj G M"*" and ji € the corresponding transition system Tr^ri.iii'^) 
is countable. 

Proof. By Proposition 5.1 of |LSW96] . for any r G M+ and x E Qr the reachable set TZ{t,x) is bounded. 
Hence, the result follows by applying Proposition |4.5[ □ 



STEP 3. We can now give the following result, which relates J-GAS to existence of (not necessarily countable) 
symbolic models. 

Theorem 4.7. Consider a control system E = (M", U x V,U x V , f) and any desired precision e G M"^. //E 
is S-CAS, then for any t G M"*", ^ G K"*" and rj G M"*" satisfying the following condition: 

(4.12) /3(e, r) + + ?7/2 < e, 

the corresponding transition system Tt,,,,^(E) is As A bisimilar to r,-(E). 

^Recall that the power set of a countable set is in general not countable (see e.g. |Sto63n . 

^Note that sets 7?.(t, x) are well-defined because of the forward completeness assumption on the control system. 
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Before giving the proof of this result we point out that if S is (5-GAS, there always exist parameters r G M+, 
r] € K"*" and /i £ satisfying condition (4.12). In fact, if S is (5-GAS then there exists a sufficiently large 
T G M+ so that (3{e, r) < e; then by choosing sufficiently small values of /i and 7], condition (4.121 is fulfilled. 



Proof. Consider the relation R <Z x Q defined by (a;, g) g i? if and only if ||a; — gjl < e. By construction 
R~^{Q) = Qt] by geometrical considerations on the infinity norm, C IJpgjig,ij Brj/2{p) and therefore, since 



by (4.121 rj/2 < e, we have that R{Qt) = Q- We now show that R is an AeA bisimulation relation between 
Tt-(S) and r^,,,,p(E). 



Consider any (x, q) G R. Condition (i) in Definition 3.5 is satisfied by the definition of R and of the involved 



metric transition systems. Let us now show that condition (ii) in Definition 3.5 also holds. Since 5-GAS 
implies forward completeness, reachable sets defined in (4.6 1 are well defined, for any t G M+, x G Qt and 
a G Ar. 



Consider any ai £ At. Given any G M+, by Lemma 4.3 there exists P C [M"]^ such that: 
(4.13) d;,(P,7^(r,g,al)) <^/2. 



By inequality (4.13), P G Ap(T, q) and then let 3.2 be given bjj^aa = G A^'{q). By ( |4.13| , the definition 



of V't (} and the properties of we have: 
(4.14) dh{n{T, q, ai),n{T, q, aa)) < dft(P, 7^(T, q, ai)) + d,,(P, 7^(T, q, as)) < ^l. 

Con sider now any disturbance labeQbs G B^{q, as) C B^. and set z = x(r, q, as, bs) G TI{t, q, as). By inequal- 



ity (4.14) and the definition of dh, there exists zi G 7?.(r, g,ai) such that 

(4.15) d(zi,z)-||zi-z|| <^. 

The vectoi|^zi can be either in Tl{T,q,ai) or in 7?.(t, g, ai) \ 7?.(r, g, ai); in both cases for any a G M+ there 
exists Z2 G TZ{T,q,ai) such that: 

(4.16) d(zi,Z2) = ||zi -22II < CT. 

(In particular if zi G 7?.(T,g,ai) one can choose zi ~ zs.) Choose bi G Bt such that zs = x(T,g,ai,bi) 
(Notice that since zs G 7?.(t, g,ai), such bi G B^ does exist.). Consider the transition x ^li^ y in Tt-(E). 



Since Qr C 
(4.17) 



Bjj/2{q'), there exists p £ Q 



such that: 



d(z,p) = ||z-p|| <r//2. 



a2,b2 



Thus g p in T^,^,^(E). Since S is (5-GAS and by ( |4.16[ ), ( |4.15| ) and ( |4.17| the following chain of 

inequalities holds: 

\\y - p|l = lb - Zs + Zs - zi + zi - z + z - pII 

< - Zsll + ||Z2 - Zill + ||zi - Z|| + ||Z 

< P{\\x - q\\,T) + \\Z2- zill + ||zi - z|| + ||z -pII 

< l3{e,T) + a + fi + r]/2. 

By inequality (4.12 ), there exists a sufficiently small value oi a E such that f3{e, t) + a + 11 + ri/2 < e, and 



hence {y,p) G i? and condition (ii) in Definition 3.5 holds 



We now show that condition (iii) is also satisfied. Consider any as G A; since A d Ar, we can choose 



Note that depending on the choice of function V'T.g, which is not unique, a.2 can either coincide or not with ai. 
^Existence of such disturbance label is guaranteed by nonemptyness of set B^(q, 3.2). 

^The reachable set 7?.(r,g,ai) is in general not closed and therefore inequality (4.14i does not guarantee the existence of 



21 £ 7?.(r, g, ai), satisfying inequality ( |4.15| . However, by definition of d;,, the vector zi is guaranteed to be in the topological 
closure of the reachable set TZ{t, q,ai). 



14 



GIORDANO POLA AND PAULO TABUADA 



ai = a2 G At-. Consider any bi e B-r and set z — x(r, ai, bi). Since Q-r C IJ^'efR"] ^tJ./2il')j then there 
exists zi E such that: 

(4.18) d(z,zi) = llz-zill </V2. 

Furthermore z E TZ{T,q,ai) and hence, it is clear that zi E B^{T,q,ai) by definition of B^(r, <?, ai). Then let 
b2 be given bjnb2 — ipj^'^''^^ (zi) = ip'^''^''^^ (zi) E B^{q,a2). By definition of function f'^''^''^^ and by setting 
Z2 = x(t, g, a2, D2), it follows that: 

(4.19) d{zl,Z2)^\\zl-Z2\\<^l/2. 
Since Qr C U9'g[M"],'^»?/2('3''); there exists p E Q = [M"],, such that: 

(4.20) d(z2,p)-|k2-p|| < W2, 

and therefore q ^' »- p in Tt-^^^^(S). Consider now the transition x ^' »- y in T^(I]). Since S is i5-GAS and 



by (4.181, (4.19), (4.201 and (4.12), the following chain of inequalities holds: 



\\y ~ P\\ = \\y - Z + Z - Zi + Zi - Z2 + Z2 - p\\ 

< \\y - z\\ + \\z - zi\\ + \\zi - Z2II + \\z2 -p\\ 

< (3{\\x - t) + ||z - zill + \\zi- Z2\\ + \\Z2- p\\ 

< /3(e, r) + ^ + 77/2 < e. 
Thus {y,p) E R, which completes the proof. 



□ 



Finally, by combining Corollary 4.6 and Theorem 4.7 the proof of Theorem 4.1 holds as a straightforward 
consequence. 



5. Linear control systems 



In this section we specialize results of the previous section to the class of linear control systems. The motivation 
for addressing this special case is twofold: 

(i) the construction of symbolic models simplifies and can be easily performed; 

(ii) the proposed symbolic models are {Ai, A2)-{Bi, B2)-A£A bisimilar to linear control systems, while 



symbolic models defined in (4.11 ) are guaranteed to be only {Ai, A2)-AsA bisimilar to nonlinear con- 
trol systems. 



A linear control system is a control system S — (M", U x V,U x V, /), where the vector field / is linear, i.e. 
for any x E M", uEU and v eV, 

f{x, u, v) ~ Ax + Bu + Gw, 

for some matrices A, B and G of appropriate dimensions. With a slight abuse of notation we say that a linear 
control system E is asymptotically stable, when E with U x V = {0} x {0} is so. 
For any given r E consider the following sets: 



(5.1) 



TZa, := |p e : ^ p, a E A^j ; 
■■= {p e Qr ■■ P, hEBr} 



of reachable states of 7^(5^) from the origin by means of any control label a E A^ and identically null 
disturbance label and, respectively, by means of any disturbance label h E Br and identically null control 



Note that depending on the choice of function ipj^''^''^^ , which is not unique, b2 can either coincide or not with bi. 
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label 0. Notice that sets in (5.11 are well-defined since label curves a and b are locally essentially bounded. 

7] e R+ and 



We can now propose the following symbolic models for linear systems. 

,U X V,U X V, f) and any r G 



Definition 5.1. Given a linear control system S = ( 
II E M^, define the following transition system: 

(5.2) 

where: 



• Q = n; 

• A is a subset of [E"]^ for which d?,(A,7^AJ < m/2; 

• B is a subset of [M"]^ for which dh{B,nB^) < m/2; 

• q p, if the following inequality is satisfied 



(5.3) 



||x(r,g,0,0) + a + 5-p|| < 7//2; 



• = M"; 

• H = l:Q 



O. 



By Lemma 4.3 sets of labels A and B do exist; moreover they are countable. Hence, transition system T!r^^(E) 
is countable, as well. Notice that in this case we do not need to require the input set U xV to he compact for 
ensuring countability of ^^-^^^^(S), whereas in the case of nonlinear control systems it was indeed required (see 
Corollary 4.6 1. Furthermore, transition system Tt-^^^^(S) of (5.2 1 can be easily constructed. The construction 
of Tr^ri,^^^) relies on the computation of the reachable sets in (5.1). The exact computation of those sets is 



in general hard. However, there are several results available in the literature, that propose approximations of 
reachable sets for linear control systems (e.g. |Var981 [GirOSbi iKVOOi IHST05] and the references therein). For 
example following [V ar98[ IGir05b] , if U xV is compact and U xV is the class of all measurable and essentially 
bounded functions taking values in U xV, given any precisions e^^ , es^ S R"*", it is possible to compute a pair 
of polytopes Pe^^iTlA^), Pes, (^sJ so that: 

d, (Pe^, (Ua^ ) , J < CA^ , d„ (Pe«^ (7^B^ ) , 7^B J < es^ . 
To] 



Once sets Pe^^ {T^a^ ) and Pe^^ (^s^) are knowrj | the computation of sets of labels A and B can be performed, 
as well. In fact, sets A and B can be computed on the basis of the approximating sets Pe^^(7?.^^) and 
Peg^{'R-B^), rather than on the basis of reachable sets TZa^ and TZb^- The numerical errors ca^ and es^ can 



be incorporated in the symbolic model in (5.2 1, by replacing inequality (5.3 1 by 



(5.4) 



||x(t, q, 0, 0) + a + - pII < ry/2 + e^^ + e^^ 



Moreover, since the norm in inequality (5.3 1 is the infinity norm, the construction of transition relation 

*■ can be performed, by using standard techniques available in the literature on linear matrix inequalities 

[BEFB94j . Indeed, by defining ^1(0) := {x e 
becomes: 



: Ma; < m} for some matrix M and vector m, condition (5.3 1 
M(e^^g + a + b-p)< (77/2) m. 



Note that transition system Tt-^,,^^(E) in (5.2 1 differs from the one proposed in (4.111 for nonlinear control 
systems, (only) in the definition of the sets of labels A and B. (It is easy to see that the definition of the 
transition relation in the two symbolic models is substantially equivalent.) In particular, the set of disturbance 
labels B is defined independently from the set of control labels A. This feature is in fact a direct consequence 
of the linearity assumption, resulting in the so-called superposition principle. We can now give the following 
result. 



The interested reader can refer to IVar98| for an analysis of the computational effort, required for computing polytopic 
approximations of reachable sets for linear control systems. 
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Theorem 5.2. Consider a linear control system S = (M", U x V,U x V, f) and any desired precision e G 
//S is asymptotically stable then for any t G M+ . /i G and rj G satisfying the following condition: 



(5.5) 



e + /i + ?7/2 < e, 



the corresponding transition system Tr^ri,n{'^) is As A bisimilar to Tr^S). 

Proof. Consider the relation R C x Q defined by (x, g) G i? if and only if ||a; — g|| < e. As shown in the 

We now show 



3.5 



proof of Theorem 4.7 R ^{Q) — Qt, R{Qt) = Q and R satisfies condition (i) in Definition 
that R satisfies also conditions (ii) and (iii) . 

Consider any {x, q) G R, any ai G A^. and choose 0-2 ^ A such that: 

(5.6) ||a2-x(T,0,ai,O)|| <^/2. 

(Such control label a2 exist because the set A is closed.) Consider any 62 G B. By the definition of B and of 
d^, there exists 63 (zTZb^ such that: 

(5.7) d(62,63) = II62-63II </i/2. 



The vector 63 can be either in TZ or in TZb^ \ ; in both cases for any a G there exists 64 G TZb^ such 
that: 



(5.8) 



&4II < cr- 



Choose bi G such that 64 = x(t, 0, 0,bi) and consider the transition x y in Tt-(S). Set z 

T 

x(t, q, 0, 0) + 02 + 62 e Qt] since Qr Q U9'e[R"]^'^>)/2('7')' there exists p e Q = [M"],, such that: 
(5.9) ^-^<77/2^ 



Thus q 
holds: 



p in rT-^^^p(E). By inequahties (5.9l, (5.6l, (5.8) and (5.5l, the following chain of inequalities 



(5.10) 



< 
< 

< 
< 



y — z + z — p\\ 
y- z\\ + \\z-p\\ 

x(r, a;,ai, bi) - (x(r, q, 0, 0) + 02 + 62)!! + v/2 
x{t,x- g, 0,0) +x(T,0,ai,O) -02 + x(t,0,O, bi) - 62 + ^3 - hi 
e'^^x - q)\\ + ||x(T,0,ai,O) - a2|| + II&4 - fcsll + II&3 - ^211 +?7/2 
e^^\\e + n/2 + <j + fi/2 + r]/2. 



77/2 



By inequality (5.5), there exists a sufficiently small value of cr G M+ such that (3{e,T) + a + fi + r]/2 < s, and 
hence {y,p) G R and condition (ii) in Definition 3.5 holds. 

Condition (iii) of Definition 3.5 can be shown by using same arguments and therefore it is omitted. □ 



We stress that conditions of Theorem |5.2| are conceptually equivalent to conditions of Theorem |4.7| In fact 
5-GAS for linear control systems is equivalent to the asymptotic stability of matrix A. Furthermore, it is well 



known (e.g. |Son04j ) that for linear control systems, function /? ap pearing in inequality (2.1 1, can be chos en a s 



\xi - X2\\ ,t) = 



xi — X2\\, and therefore condition (4.12) boils down in this case to condition (5.5) 



Although assumptions on Theorem 5.2 and Theorem |4.7| coincide for the class of linear control systems, we 



stress that Theorem 5.2 and Theorem 4.7 relate TrCS) to symbolic models in (4.11) and (5.2), respectively. 
While the construction of symbolic model in (4.11) is hard in general, as pointed out before symbolic model 



in (5.2) can be easily constructed. Furthermore, Theorem 5.2 can be extended to a more general result that 



we state hereafter. 

Corollary 5.3. Consider a linear control system S ~ (M", U xV,U x V, f) and any desired precision e G M+. 
// E is asymptotically stable then for any t G /i G M+ and rj G M+ satisfying condition {5.5), transition 
system Tr^^^^(E) is {At,A)~- {Br, B)~AeA bisimilar to T,-(S). 
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The proof of the result above is a straightforward consequence of the symmetric definition of set of labels 
A X B in transition system Tr^ri,fii'^) and is therefore omitted. Note that the same reasoning does not apply 
to the general case of nonlinear control systems. The result above is important from a game theory point of 
view. Suppose that the goal is to find a symbolic model for an infinite state game, the arena of which, is given 
by a linear control system. Then, Corollary |5.3| provides a way of finding a symbolic model that can be used 
at the same time to design strategies both for the protagonist and for the antagonist of the game. 



6. Illustrative Example 



In this section we illustrate the results of the previous section in the context of direct current motors. Consider 
the simplified model of a direct current motor: 



(6.1) 



X = Ax + Bm + Gv, 

xex,ueu,vev, 



where x = (xi X2)' , xi is the current, X2 is the angular velocity, u is the applied voltage, v is the load torque 
disturbance and: 



A = 



-R/L 
1/J 




1/J 



where R = 2 and L — 0.5 are the resistance and the inductance associated with the armature of the direct 
current motor; kb = 0.1 is the back electromagnetic force; km = 0.1 is the torque constant; kf = 0.2 is the 
viscous friction constant and J = 0.4 is the inertia momentum. We suppose that: 

X = [0, 0.6] X [0, 0.6]; U = [0.3, 0.7]; V = [-0.02, 0.02]. 



All variables and constants appearing in system (6.1) are expressed in the International System. The control 
problem that we focus on is the one of disturbance rejection and it consists in finding a (memoryless) control 
strategy u, so that for any initial condition x £ X and any disturbance v S V, the corresponding angular 
velocity X2 at time t — b is above 0.1, or equivalently: 



(6.2) 



x(5,a;,u,v) e X* := [0,0.6] x [0.1,0.6]. 



Since the system in (6.1) is asymptotically stable, we can apply Theorem 5.2 Set the precision e = 0.5 and 



T — 5. By choosing fj, = 0.3 and 77 = 0.15, inequality (5.5) is satisfied and therefore the transition system 
75,0.3,0.15(2) defined in ([5^, is AeA bisimilar to T^iY.) with e = 0.5. 



The construction of transition system 15 0.3,0.15(2) requires the computation of the reachable sets TZa^ 
and TZb^, as defined in (5.1). By using results in |Gir05b] and the toolbox MATISSE |Gir05a] . it is possi- 
ble to compute the following polytopic outer approximations Pe^^(TZA-r) and Pg^^iTZB^) of TZa^ and TZb^, 
respectively: 



(6.3) 



PeA^ {T^A^ ) = conv 
Feg^{TZB^) = conv 



0.1627 
0.5524 

-0.0002 
0.0862 



0.0908 
0.2320 

0.0002 
-0.0862 



0.0220 
0.2474 



0.0939 
0.5678 



0.0002 
-0.0862 



-0.0002 
0.0862 



Numerical errors ca^ and cb^ for the sets in (6.3), can be evaluated by using Lemma 1 of |Gir05b| . resulting 
in eA^ = 3.0453 • 10^^ and cb^ — 3.8067 • 10^'^. Since e >> maxje^i^, cb^} we will neglect errors ca^ and 
cb^ in the following developments. (However, as pointed out in the previous section, numerical errors ca^ and 
cb^ could be incorporated in the symbolic model (5.2), by replacing inequality (5.3) by (5. 4 1.) On the basis 
of the sets in (6.3) we can compute the sets of labels A and B of transition system (5.2), as shown in Figure 



[2] The resulting symbolic model: 

(6.4) ^5.0.3,0.15(2) 



iQ,Ax B, 



of (5.2 1 is given by: 
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Figure 2. Left panel: Outer approximation Pea (^a^) of reachable set TZa^ and control 
labels set A (black spots). Right panel: Outer approximation Peg^{TZB^) of reachable set 
TZb^ and disturbance labels set B (black spots). 



q *- p 


91 


92 


93 


94 


95 


96 


97 


98 


99 


ai, bi 


56 


93 


93 


93 


93 


93 








0.1, h2 


96 


93 


93 


93 


93 


93 


93 


93 


93 


0.1, H 


16 


93 


93 


93 


93 


93 


93 


93 


93 


02, bi 


<?3 


93 


93 


93 


93 


93 


93 


93 


93 


02, b2 


93 


93 


93 


93 


93 


93 


93 


93 


93 


02, b3 


92 


92 


92 


93 


93 


93 


93 


93 


93 


OS, bi 


92 


93 


93 


93 


93 


93 


93 


93 


93 


03, b2 


92 


92 


92 


93 


93 


93 


93 


93 


93 


03, b3 


92 


92 


92 


92 


92 


92 


93 


93 


93 


04, bi 


92 


92 


92 


93 


93 


93 


93 


93 


93 


OA, b2 


92 


92 


92 


92 


92 


92 


93 


93 


93 


OA, b3 


92 


92 


92 


92 


92 


92 


92 


92 


92 



Table 1. Transition relation of transition system Ts^o. 3, 0.15(2^) defined in (6.4|. Entry gg 
corresponding to the second row and second column means that there is a transition from qi 
to labeled by ai,6i. Entries "-" correspond to transitions that end up outside the set X. 



• Q = {gi, 92, 93, 94, 95, 96, 97, 98,99}, where gi = (0,0)', 52 = (0,7?)', 93 = (0,2?7)', 54 = (ry,0)', 95 = 
{ri,Vy, 96 = (??,2r/)', 97 = (2?7,0)', 98 = (2?7,ry)', 99 = (2r7,2r,)'; 

• A = {01,02,03,04}, where oi = (0.1500,0.5250)', 02 = (0.0750,0.4500)', 03 = (0.0750,0.3750)' and 
04 = (0.0750,0.3000)'; 

• B = {61, 62, 63}, where bi = (0, 0.0750)', 62 = (0, 0)' and 63 = (0, -0.0750)'; 

• q - p is defined in Table 111 

• H^L-.Q^O. 

The above symbolic model is depicted in Figure|3] By Theorem 5.2 transition systems 15^0.3,0.15(2) and T^^S) 
are AeA bisimilar with e — 0.5; furthermore it is easy to see that: 

X* - ^0.5(93) u ^0.5(95) u ^0.5(99). 
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Hence, the disturbance rejection problem can be solved on the symbolic model in (6.4 1, by finding for any 

state q G Q, the set U*{q) of all control labels a £ A so that q p G {q3,qe, qg} for any disturbance label 
b G B. A simple inspection of Table [T] provides the following solution to the control problem on the symbolic 
model: 



(6.5) 



U*{qi) 
U*{q4) 
U*{q7) 



U*{q2) 
U*{q^) 
U*{qs) 



U*{q3) 
U*{q6) 
U*iq9) 



{ai}; 
{fll- 02}; 
{02,03}- 



On the basis of control labels in (6.5 1 it is possible to synthesize controllers for solving the disturbance rejection 
problem on the original linear control system (6.1 1. Indeed, since the system in ( |6.1[ ) is controllable, by using 
standard results in linear control theory (see e.g. jSon98] ) for any control label a e {oi, 02, 03} C TZJj in (6.5l 
it is possible to compute a control input u gU so that: 



f e^(^-*)Bu(t)dt. 



By definition of the transition system in (6.4 1, the obtained control inputs solve the disturbance rejection 
problem on the original system in (6.1 ). 



7. Discussion 



In this paper we showed existence of symbolic models that are AeA bisimilar to 5-GAS nonlinear control 
systems with disturbances. Moreover, the parameter e describing the precision, can be chosen as small as 
desired. For the special class of (asymptotically stable) linear control systems the resulting symbolic models 
are not only easily computable but, they are also {Ai, A2)-{Bi, B2)-AeA bisimilar to the original systems. 
The results of this paper generalize the work in |PGT07I to control systems in presence of disturbances 
(compare Theorem [tj| and Theorem 4.2 of |PGT07] 1. While Theorem 4.2 of [ PGT07j states existence of 
symbolic models that are approximately bisimilar (in the sense of Definition 3.3 1 to (5-GAS control systems. 
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Theorem |4.7| shows existence of symbohc models that are AeA bisimilar to control systems influenced by 



disturbances. As pointed out in Section 3.2 the results of f PGT07] cannot directly be applied to the case of 



control systems with disturbances. Indeed as Example 3.4 shows, the symbolic model (4.4) of [PGT07] do 
not capture the different role played by the control inputs and by the disturbance inputs. As a consequence, 
control strategies synthesized on the symbolic model of [PGT07j cannot be transfered to the original system. 
The same observation applies to the results in |vdS04| . As the focus of |vdS04] was the reduction of control 
systems and not control design, the employed notion of bisimulation was a variation the one of Milner [Mil89] 
and Park |Par81| . However, as in the case of the results in |PGT07] . the notion of bisimulation in |vdS04] 
cannot be used for control design. 

This paper also shares similar ideas with |PT07| . The work in |PT07| proposes symbolic models for linear 
control systems with disturbances. The approximation notion employed in |PT07j is AeA simulation (one- 
sided version of AeA bisimulation). The results in this paper extend the ones in |PT07] by: 

(i) enlarging the class of control systems from linear to nonlinear; 

(ii) enlarging the class of control inputs from piecewise constant to measurable and locally essentially 
bounded; 

(iii) generalizing results from simulation to bisimulation. 



In particular by (iii), the symbolic model in Definition 5.3 provides a more accurate description of the control 



system than the one proposed in [PT07. . This is essential for controller synthesis since, if a controller fails to 
exist for the symbolic model in |PT07j . nothing can be concluded regarding the existence of a controller for 
the original control system. Our results guarantee, instead, that given a control system and a specification, 
a controller exists for the original model if and only if a controller exists for the symbolic model, up to the 
resolution e. 

Future work will concentrate on constructive techniques to obtain the symbolic models whose existence was 
shown in this paper. 



Acknowledgment. The authors would like to thank Antoine Girard (Universite Joseph Fourier, France) for 
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